IOC Radar
TLP:WHITE
132 IOCs

ClickFix Campaigns Targeting Windows and macOS

Recorded Future Blog
Published March 25, 2026

Threat Actors

Malware Families

Diamond Model

Axes: social, technology

Adversary (1): APT28
Infrastructure (6): bebirdrank.com, quiptly.com, acconthelpdesk.com
Capability (4): Lumma, RedLine, SocGholish
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

132 indicators


IOC Relationship Graph

132 total IOCs: Domain 113, IP 13, SHA256 5, URL 1

Actors (1): APT28
Malware (4): Lumma, RedLine, SocGholish, Vidar
Report: ClickFix Campaigns Targeti